We were alerted to a scam that is currently found on Facebook. It’s worth noting that this scam uses the mobile messaging app WhatsApp. Users may encounter this scam via Facebook notification requests or contacts’ “Likes”.
The scam starts like a typical one: users are redirected to a fake WhatsApp Facebook page that requests users’ permissions. Once the app permission request is granted, it displays other Facebook users, usually victims’ own contacts, who are supposedly using the WhatsApp app.
Interestingly, users are led to a user agreement page that appears to target mobile users. The page contains icons of different mobile operating systems to appear legitimate.
When users agree and give permission to the said app, they are then led to different pages, which vary depending on the victim’s location. Users located in countries such as the United States, Australia, New Zealand, Germany, and Great Britain are led to a fake Starbucks gift card page. Those who are not located in any of these countries are led to a different page containing an image.
We have previously reported fake Android app pages that spoof popular mobile apps like Instagram, Farm Frenzy, and Angry Birds Space. But this new scam suggests that it won’t be long before we see links to fake Android apps spreading on Facebook.
Trend Micro protects users from this threat via the Smart Protection Network™, preventing access to the survey scam sites. With more than 900 million users, Facebook is a natural target for scams such as this one. To learn more about how to protect yourself from these threats, in particular survey scams, you may read our FAQ entry Survey Scams Aimed at Social Networking Netizens.
Update as of August 23, 2012 10:47 AM, PST
We also spotted an app on Facebook named Whatsapp Messenger, which can access the contact information of a user’s friends. Upon checking, it leads to another fake app named Temple Run V.2 for Facebook. When the user clicks on play, it automatically sends requests to the affected Facebook user’s friends list, thus spreading the scam. Trend Micro already blocks this threat.